06-10-2024 01:51 PM
I was successful in using an internal IP range to grant access based off the Authorized networks policy on an application using RADIUS. However, we are looking at implementing this on an application we want to move to SSO. The documentation says some applications can use internal IPs, but some cant. Does anyone know if the Authorized Networks policy will work correctly with SSO if I use a private IP range?
06-10-2024 04:55 PM
my experience is no as the SSO from like Azure will always show the public ip of the client... what you have to ask is what is the ip that will be seen by the first SSO based application like example azure -very likely your public ip, then that is what DUO will also see. I think the cases where it may work are like radius integration where you are integrating with radius and no DUO prompt is required...
https://duo.com/docs/adfs - also with Duo ADFS where you are doing local AD auth, you can mention in ADFS which networks you dont want to invoke DUO...
06-12-2024 02:04 PM
The other responder is correct. We're going to get the external or NATed IP from the client loading the Duo prompt in the browser.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide